The Threat of Free Public WiFi

Folks, I was at the airport and I popped open my laptop to hop on the net and upon doing so I encountered a seriously sneaky bastard. Do you see anything wrong with the image below?

Well, hopefully you notice the little icon of a laptop beside the network entitled “Free Public WiFi”. This is NOT a free wireless access point, but instead a laptop computer that someone has configured to capture your personal data and rob you blind.The way this scam works is that a criminal entices unwitting suspects to connect to the Internet through their computer. Meanwhile, they are running packet sniffing software to read every bit of unencrypted data passing through it. This includes every web page you visit, the e-mails you write, and even the instant messages you send.

Why would someone want to do this? Because if they listen to what you say long enough they are eventually going to capture a password or some personally identifying information that could prove useful to them.

Oh, and if that isn’t bad enough, once your laptop is connected to theirs, you have opened the door for them to scan all of the ports on your machine in the hopes of finding a security loophole. If they do find one, they could install a rootkit or some other malware on your machine, turning it into a mindless zombie under their control from now on.

So, the bottom line here is, don’t be randomly connecting to just any old network you see. You need to ensure that you are actually connecting to a wireless access point (you can even tell Windows to ONLY show WAPs), and that you have a software firewall installed (see my list of Top 50 Favorite Freeware for recommendations).

Edit: Thanks to Kim for pointing out that there were YouTube videos on this topic. I found these two which share a little more info. The first is from Chris Pirillo:

About John P.

John P. is a former CEO, former TV Show Host, and currently an unemployed bum. You can find him on Twitter, Facebook and Google+. Feel free to send shoutouts, insults, and praise. Or Money. Money is good.

It’s not caused by a windows feature as it appears on windows vista and windows 7.
It’s just the fact that somebody is setting up their own wireless network and acting as a Man in the middle, without the end user knowing that a man in the middle ever existed.

Well, it may be true that some people have maliciously set up “Free Public WiFI” ad-hoc systems, but as Terry said, the majority of them are caused by a WINDOWS “feature” – the user has no idea that this is going on. Google it.

Yeah, thanks! This whole WiFi thing is a mystery for most of us, so were not savvy enough to know a scam from a freebie…. I guess we should subscribe to the notion that if it’s too good to be true (free internet), it’s not true!

This is likely part of an innocent virus or a “feature of Windows XP” depending on who you talk to. Essentially, a person affected has a beacon set to broadcast a peer to peer network called “Free Public WiFi”. Once a careless person tries to connect it then infects that system and they start broadcasting the same thing. The alternate explanation is that when XP (older version but guess what most people don’t patch their OS) connects to a network it retains that SSID and broadcasts it as a ad hoc network. And from there it spreads. A more detailed explanation is here.

Freaky, scary, technical, complicated stuff! Yikes! I think I’ve mentioned before, my dad just gifted me with a ThinkPad, and so this stuff has been on my mind a lot. So far, though – I’ve only used it for accessing the internet while in the office, with the router! Ha! Weak old router won’t let me leave the room! Ha! And I’ve thought of going to the town square coffee shop, but, haven’t made it yet. Kind of glad, though – because, it makes me so nervous.

(Second video no longer available.)

Ok, off to tell Windows to only show WAP’s.

Oh yeah! And the Nintendo DS can access the internet? Seriously? I didn’t know that….I’m sure my kids know, but, I guess you’d have to pay for it, so they haven’t even brought it up to me.

Although they continuously beg for Xbox Live access! NO! Not yet – I’m just not ready to go there with them yet.

Wow, I should have known this but didn’t.. thanks for the heads up John. I’d seen that option in the settings and ignored it until now.. There are several neighbors with unsecured and you never do know who you’re connecting to, that’s for sure!

It’s funny because in many cases the Free WiFi scammers are targeting the people who have the least money. Business travelers probably have a paid subscription to T-Mobile or something like that, so they don’t care about and wouldn’t use a free access point.

Scary thought that someone would do that, I read another article about this a while back about a guy who had this happen to him ina hotel lobby. There are also some Youtube videos out there where they demonstrate this so you know what to look for.

I had actually been wondering about this for a while. A ‘free public wifi’ type thing appeared for me in my old apartment, and I (being clueless) assumed it was what it claimed to be. Fortunately I was never able to actually connect to it :)